A Customer-Centric Approach to Fraud

We spend a lot of time working on how to block the bad guys. You know who I am talking about, the folks trying to game the system to get a quick deal. We are getting really good at it, so good, that sometimes I suspect our customers don’t notice. And that is precisely the point.

You see, once you start getting involved in referrals (and any form of incentive marketing), you can get pretty suspicious. And the instinct is to put up walls. The more we filter out the bad eggs up front, the more likely we will have a good program out the back, right? And in fact most of the older “Member get Member” programs run by credit card and mobile carriers demonstrate this when they require people to “become an ambassador” or “register as a referrer.” Extole-powered programs generally don’t do this. We think that everyone should be an advocate, and so we don’t make the people who we value the most do any extra work.

This approach extends to our fraud detection. We use massive quantities of data (and experience!) to have great fraud detection with minimum customer inconvenience.

We think that everyone should be an advocate, and so we don’t make the people who we value the most do any extra work.

Recently one of our clients challenged us: “Why do you send emails if the ‘friend’ email address is the same as the email address of the customer sending the share. It is obviously fraud!” Well, we can of course prevent advocates sending an email to themselves, and we will do it for customers who really demand it. If you presume that everyone is trying to cheat, then it probably offers a bit of comfort. But there are some very good reasons we don’t, and we truly think it is the lesser choice.

A few years back, we evaluated this rule. First, we reached out to people who had shared with themselves. We also evaluated whether any of these “self-senders” were being caught later in the referral process and whether it was creating actual fraud. Did the people sending to themselves actually qualify for any rewards? We found out that our assumptions, which, in our opinion, were thoughtful, sensitive, and a wee bit wise, were mostly wrong.

So what did people say? First off, they sent to themselves to see what the share message looked like. If they were going to send an email on behalf of a company, they wanted to make sure it didn’t seem markety. Secondly, they wanted to get a copy of their share link that they could forward on their own. Having to go back to the site to get it seemed inefficient. Makes sense!

But the bigger issue was that we came to the conclusion that blocking emails (the way some referral programs do) can increase, rather than decrease fraud. I used italics because, well, that conclusion is counter intuitive. When we looked at the cohort of self-referrers, we found they were getting caught later in the process. So, if they were a self-dealing scoundrel, their rampage across the countryside was short and unrewarding.

What makes it worse is that when you immediately gave an error message to someone who is actually trying to abuse the program, then, not surprisingly, they thank you for revealing your sources and methods, and they use a different email. Or, the truly nimble-minded would notice immediately that their share link was literally on the page where they could copy it and send it to themselves. Or they could share only to themselves on Facebook. So we let them send that email and pat themselves on the back, unaware that we have no intention of letting them earn a reward.

As a benefit, for those people who were neither scalliwags nor n’er-do-wells, there is one fewer barrier to using the program in a way that seems intuitive to them.

We have the most sophisticated fraud detection in the referral marketplace, and we are pretty good at finding the bad guys. As a result, we can let good people do good things without making them prove they are not bad. It’s a customer-centric approach. And, well, that is just the way we do things around here.